How can enterprises avoid the majority of commodity attacks?

As commodity attacks become increasingly prevalent, enterprises must develop a robust security strategy

26th July 2019

Over the past year, large and business-damaging “mega breaches” caused by targeted attacks exposed a massive number of records. Phishing emails, the most common attack vector for targeted attacks, also increased by 250%.

In order to avoid or mitigate the majority of commodity attacks, enterprises must strengthen their basic security hygiene practices. Indeed, advances made at this level have caused the overall number of breaches reported in the US to decrease.

The threats of today

According to a SANS whitepaper, larger enterprises have made advances in securing sensitive data. Sponsored by Anomali, the paper also found that the average cost of a breach in 2018 was approximately $5.1 million, in comparison to $12.1 million in 2017.

At the 2019 threat expert panel, moderated by SANS founder and research director Alan Paller, three SANS experts offered their take on the threats facing enterprises today. According to Ed Skoudis, SANS Faculty Fellow and Director of SANS Cyber Ranges and Team-Based Training, direct manipulation attacks pose a great danger.

In such attacks, adversaries obtain username and password credentials through targeted phishing. They can also do so via direct attacks on servers or files where organisations have stored passwords or hashes insecurely.

Attackers then use these credentials in order to log on to DNS providers and domain name registrars. In turn, this enables them to manipulate DNS records to redirect traffic to and/or from an organisation.
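The attack just described ends with an organisation's own DNS records being rewritten at the provider or registrar. One defensive control that catches this early is to keep a signed-off baseline of the zone's critical records and compare it against what is actually served. The script below is an added example written for this article; it is not code from SANS, Anomali or the whitepaper. All domain names, addresses and record values are constructed (RFC-reserved example names and documentation IP ranges), and the `observed` side is embedded inline rather than fetched from a resolver, so it runs offline; in a real deployment that side would be populated by periodic lookups.

```python
"""Detect drift between a baseline of critical DNS records and what is served.

Added example for this article (not from SANS or the whitepaper). A registrar
or DNS-provider account takeover typically shows up as changed NS, MX or A
records, so a defender compares the live zone against an approved baseline and
alerts on any difference.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One (owner name, record type) whose value set differs from baseline."""
    name: str               # owner name, normalised, e.g. "www.example.com"
    rtype: str              # record type, upper-cased, e.g. "A"
    missing: frozenset      # baseline values no longer being served
    unexpected: frozenset   # served values that are not in the baseline


def _norm(value: str) -> str:
    """Normalise a name or record value so that trivially different spellings
    ("NS1.Example.NET." vs "ns1.example.net") compare equal."""
    return value.strip().lower().rstrip(".")


def _norm_zone(records: dict) -> dict:
    """Map {(name, rtype): values} to a normalised {(name, RTYPE): frozenset}."""
    return {
        (_norm(name), rtype.upper()): frozenset(_norm(v) for v in values)
        for (name, rtype), values in records.items()
    }


def detect_dns_drift(baseline: dict, observed: dict) -> list:
    """Return a list of Finding for every record set that differs.

    Both inputs map (name, rtype) -> iterable of record values. A key present
    only in the baseline is reported with all values missing; a key present
    only in observed (e.g. a newly created host) is reported as all unexpected.
    Order-independent: NS or MX sets listed in a different order do not alert.
    """
    want_all = _norm_zone(baseline)
    got_all = _norm_zone(observed)
    findings = []
    for key in sorted(set(want_all) | set(got_all)):
        want = want_all.get(key, frozenset())
        got = got_all.get(key, frozenset())
        if want != got:
            name, rtype = key
            findings.append(Finding(name, rtype, want - got, got - want))
    return findings


def format_alerts(findings: list) -> list:
    """Render findings as one human-readable alert line each (for a SIEM/ticket)."""
    lines = []
    for f in findings:
        parts = []
        if f.missing:
            parts.append("missing=" + ",".join(sorted(f.missing)))
        if f.unexpected:
            parts.append("unexpected=" + ",".join(sorted(f.unexpected)))
        lines.append(f"DNS DRIFT {f.name} {f.rtype}: " + " ".join(parts))
    return lines


# Constructed baseline: the records the organisation has signed off on.
BASELINE = {
    ("example.com.", "NS"): ["ns1.example-dns.net.", "ns2.example-dns.net."],
    ("example.com.", "MX"): ["10 mail.example.com."],
    ("mail.example.com.", "A"): ["203.0.113.25"],
    ("www.example.com.", "A"): ["203.0.113.10"],
}

# Constructed "live" answers: NS only differs in case/trailing dot (benign),
# but an extra, higher-priority MX has appeared and www now points elsewhere,
# which is the pattern a DNS-provider account takeover produces.
OBSERVED = {
    ("example.com", "ns"): ["NS2.Example-DNS.net", "ns1.example-dns.net"],
    ("example.com", "mx"): ["5 mx.relay.example.", "10 mail.example.com"],
    ("mail.example.com", "a"): ["203.0.113.25"],
    ("www.example.com", "a"): ["198.51.100.77"],
}


def run_example() -> list:
    """Run the comparison on the constructed data above."""
    return detect_dns_drift(BASELINE, OBSERVED)


if __name__ == "__main__":
    for line in format_alerts(run_example()):
        print(line)
```

The comparison is deliberately set-based and case-insensitive so that harmless variation in how a resolver returns a record set does not page anyone, while any genuine addition, removal or replacement of a critical record does. Running it on the constructed data yields two alerts: the unexpected MX entry and the changed `www` address.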

Avoiding commodity attacks

As SANS observes, basic security hygiene is the foundation of every successful cybersecurity program. The Centre for Internet Security Critical Security Controls offers a widely accepted community-driven framework with a prioritised list of security processes.

These controls provide efficient and effective starting points for dealing with the aforementioned attacks. First and foremost, knowing what hardware, operating systems, and applications need protecting is crucial.

Alongside an accurate asset inventory, continuous vulnerability assessment and mitigation are both vital. For rapid and accurate incident response, collection and analysis of logging data from all levels of networks and hosts are also integral.

Critical Security Controls

While these improvements contribute towards a robust defence system against broadly launched attacks, they form a basic level of security. Indeed, advanced targeted attacks require the skills, processes and controls from the higher levels of the Critical Security Controls.

Overall, the Critical Security Controls provide a strong baseline level of effective security. Nevertheless, every organisation should perform a risk assessment specific to its own business environment, corporate culture, and threat analysis.

As the whitepaper notes, advanced targeted attacks against infrastructure services and employees will continue to evolve. As a result, defending against even commodity attacks demands advances in staff skills, security processes, and a blend of security controls.